I have a setup at home where I keep a local git server running on a Raspberry Pi 3 which contains personal/work journal, dotfiles and a personal policy repository. It was set up manually so before adding a new git repository for a family password store I set about retrofiting the configuration in CFEngine. The goal in this blog is to ensure that what I have already is managed by CFEngine and that what I want to add, /srv/git/passwords.git, is created.
As an MSSP (Managed Security Service Provider), HIPAA Vault relies on CFEngine to automate & secure their infrastructure on behalf of their customers. HIPAA Vault has been a longtime CFEngine Community user since 2012 and recently upgraded to Enterprise in order to boost their infrastructure visibility through Mission Portal and features like Compliance Reporting that help them provide a more secure & compliant cloud hosting solution.
We chose CFEngine over others because it is the most trusted and reliable solution in the market. We are more interested in dependability than having the new shiny tool that just hit the market. says Gil Vidals, Founder & CEO of HIPAA Vault
New CFEngine Website Today we’re excited to announce the release of our new website. This has been several months in the making and just one of many big announcement we have planned for 2021. Our goal in redesigning the website is simply to enhance your experience when visiting.
Whether you’re an IT Manager evaluating our Enterprise feature set, a Systems Administrator interested in trying CFEngine for the first time or a long time community member, we hope our new website helps you find exactly what you’re looking for quickly and easily.
Generally speaking, CFEngine and Ansible can be used to solve the same problems, but their approaches are different. In this blog post I’d like to discuss the different approaches, their consequences, some advantages of each tool, and even using them together.
CFEngines autonomous agents CFEngine works by installing and running an agent on every host of your infrastructure. It is distributed, each CFEngine agent will evaluate its policy periodically and independently. They rely on a centralized hub for refreshing policy and reporting. Updating the policy, enforcing it, and reporting on the results are decoupled - each of these 3 steps can happen with different configurations / schedules.
cf-remote is a tool for downloading and installing/deploying CFEngine. It automates a lot of the things you have to do before CFEngine is actually installed on your infrastructure, such as provisioning cloud instances, downloading CFEngine installers, copying them to remote hosts and installing / bootstrapping. To make it as easy as possible to get started with cf-remote and CFEngine, it is now available on pypi.
Getting started Installing cf-remote is as easy as:
We are excited to announce that CFEngine is now using GitHub Discussions. GitHub Discussions is a feature of GitHub repos, and similar to Q&A platforms like Stack Overflow, and other online forums. After testing it out for a few weeks we are pleased with how it works and want to encourage all our users to try it. We hope this fuels more discussion and sharing among CFEngine users - it is easy to discover on GitHub, many of you already have GitHub users, the UI is nice, and so the barrier to entry should be very low.
This blog post will focus on the bash programming part of implementing a promise type. To understand what custom promise types are, and how to use them, you should read the introduction first.
To implement a custom promise type in CFEngine, you need a promise module. The module is an executable, and can be written in any language. It’s possible to write one from scratch, but to make it as easy as possible, we decided to provide libraries for common programming languages. In our previous blog post, we showed how to implement modules in Python. That’s great, it’s a powerful, expressive and readable programming language, however there is one drawback; installing python. Many systems don’t have python already, or have a version which is too old. So you will need to add policy to install / update Python, to make sure modules work correctly everywhere.
CFEngine 3.17.0 introduced custom promise types, which enable CFEngine users to extend core functionality and policy language in a simple way. As an example of the power and simplicity of this new feature, I will show a promise type that helps to observe a website’s status. The module which implements this promise type was written in a couple of hours.
Creating a promise type for whether a site is up We will use Python and the CFEngine library to implement a promise module. Our previous blog post, “How to implement CFEngine custom promise types in Python”, explains this in detail.
Several months ago I started the practice of using CFEngine Enterprise and its Mission Portal UI on a daily basis to manage the connected devices in my home. To start, I brought up an old desktop machine, cfengine-hub, to use as my hub and downloaded Enterprise, which is free for use up to 25 hosts. The next step in using best practices is to deploy policy from a version control repository. I use a local git server named git-server-zero instead of GitHub or GitLab as I like to be independent of the cloud when possible due to privacy and environmental concerns. I will use the Mission Portal Version Control Repository settings section to setup this repo as the source of policy for cfengine-hub.
Scalability is an important feature of any infrastructure management solution. Either the to-be-managed infrastructure is big already or it is expected to grow as the business grows. Over time more and more resources are needed for CI/CD pipelines and more customers use the product(s). Generally, growing a business means more traffic and requests need to be handled by the infrastructure. Hence, scalability is an important metric for comparing infrastructure management tools when deciding which one to use. Or which ones. Read our latest white paper, benchmarking and comparing the scalability of Ansible and CFEngine for large scale infrastructure management:
